Asterisk PJSIP TLS, client behind NAT issue

Asterisk tested versions: 13.x cert, 13.x LTS latest, 13.x in the Ubuntu default apt repo, 16.x cert, 16.x LTS latest (pjsip 2.9).

Server network: Public IPv4 address. TLS transport.

Client software: Tested on multiple client software phones. Bria, GSWave, MicroSIP, AndriodSip, SIP bundled in the Android dialer.

Client network: All behind IPv4 NAT, multiple network environments, LTE, normal NAT, multiple routers. Clients with a public IPv4 address do not have this issue. TLS transport.

Issue content:

Clients behind NAT using the TLS protocol (RTP/SRTP) cannot receive the server’s download RTP/SRTP stream. For debugging, I use a dialplan with Answer and SayDigits. Uploading works well (I use recording for debugging).

Under the same PJSIP configuration, changing the transport from TLS to UDP makes it work well.

After debugging, I found that Asterisk PJSIP doesn’t handle RTP well with TLS transport.

All of my endpoints have the NAT-related attributes set (direct_media=no, force_rport=yes, rtp_symmetric=yes, media_use_received_transport=yes), and they work well on UDP transport. Debugging shows that the clients send RTP handshakes with a 192.168.x.x private address over UDP transport, and the server uses rport. But when the clients use a private address with TLS transport, the server just ignores the NAT-related attributes and sends RTP packets to the private address, and the client cannot receive them. No download data.

The RTP usage and stack are the same between UDP, TLS, RTP, SRTP, etc. When rtp_symmetric is enabled, inbound media has to be received in order to latch on to the source IP address. Have you confirmed media is being received using “rtp set debug on”?
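
The latching behaviour described in the reply above, as an added example that is not part of the original thread and is not Asterisk's code: a simplified model in which outbound media follows the SDP-advertised address until an inbound RTP packet arrives. The `RtpLeg` class, the sample SDP and the addresses are constructed for illustration.

```python
import ipaddress

# Constructed SDP offer from a client behind NAT (all values are made up).
SAMPLE_SDP = """v=0
o=- 1 1 IN IP4 192.168.1.50
s=-
c=IN IP4 192.168.1.50
t=0 0
m=audio 40000 RTP/SAVP 0
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def sdp_media_target(sdp):
    """Return the (ip, port) taken from the first c= and m=audio lines."""
    ip = port = None
    for line in sdp.splitlines():
        if line.startswith("c=IN IP4 ") and ip is None:
            ip = line.split()[2]
        elif line.startswith("m=audio ") and port is None:
            port = int(line.split()[1])
    if ip is None or port is None:
        raise ValueError("SDP lacks a usable c= or m=audio line")
    return ip, port


class RtpLeg:
    """Hypothetical model of one media leg; not Asterisk's implementation."""

    def __init__(self, sdp, symmetric):
        self.symmetric = symmetric
        self.target = sdp_media_target(sdp)  # initial target comes from SDP

    def on_inbound_rtp(self, source):
        # Symmetric RTP: a received packet re-points outbound media at the
        # packet's real (post-NAT) source address and port.
        if self.symmetric:
            self.target = source

    def sending_to_private_address(self):
        ip = ipaddress.ip_address(self.target[0])
        return any(ip in net for net in RFC1918)


if __name__ == "__main__":
    leg = RtpLeg(SAMPLE_SDP, symmetric=True)
    print("before inbound RTP:", leg.target, leg.sending_to_private_address())
    leg.on_inbound_rtp(("203.0.113.7", 61234))  # constructed NAT mapping
    print("after inbound RTP: ", leg.target, leg.sending_to_private_address())
```

In this model, a leg that never receives inbound media keeps sending to the private address from the SDP, which is the symptom to rule out with `rtp set debug on`.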

